Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Ethical Hacking Tools · modules
The tools every pen-tester uses daily. Nmap to Mimikatz with hands-on workflow.
Module 13 · OSINT & External Recon
Recon is the cheapest, highest-yield phase of any engagement. Tools that pay back the time investment. Subdomain enumeration # Passive (no traffic to target) subfinder -d target.com -all -silent amass enum -passive -d target.com crt.sh search ("%.target.com") # Active (more thorough) amass enum -active -d target.com ffuf -w subdomains.txt -u https://FUZZ.target.com Search engines for hackers […]
Module 14 · EvilGinx — Modern Phishing
For defensive understanding only. Don’t deploy without clear authorisation. EvilGinx is the proof that “MFA stops phishing” was true in 2018, false by 2024. How proxy phishing works Attacker hosts EvilGinx with a phishlet for the target service (Microsoft, Google, etc.). EvilGinx is a transparent reverse proxy: requests come in, get forwarded to legitimate service, […]
Module 5 · Mimikatz — Credential Extraction
Mimikatz is the tool that defined modern Windows credential attacks. Benjamin Delpy’s 2011 research paper accompanying it single-handedly changed how the security community thinks about Windows auth. This module covers what Mimikatz does, how defenders catch it, and why Credential Guard matters. What it extracts Mimikatz reads credentials from process memory (primarily LSASS — Local […]
Module 4 · Hashcat — Password Cracking
Hashcat is the world’s fastest and most widely-used password cracking tool. GPU-accelerated, supporting 300+ hash algorithms, it’s what every serious pen-tester and every serious attacker uses after recovering password hashes. When you use Hashcat Pen-test: you extracted NTLM hashes from an AD dump (DCSync, ntds.dit). Crack to recover passwords. Pen-test: you recovered /etc/shadow. Crack SHA-512 […]
Module 3 · Metasploit Framework Basics
Metasploit Framework (MSF) is the world’s most widely-used exploitation platform. It bundles thousands of exploits, payloads, post-exploitation modules, and auxiliary tools under one console. This module gets you comfortable launching your first authorised exploit and understanding what MSF is doing behind the scenes. Core concepts Exploit — code that takes advantage of a vulnerability Payload […]
Module 2 · Burp Suite — Web Application Testing
Burp Suite is the web security practitioner’s daily driver. If you test web applications, you use Burp. This module gets you from install → first intercepted request → basic testing flow, without the 300-page manual. What Burp Suite is A web application security testing platform. At its core: an intercepting proxy that sits between your […]
Module 1 · Nmap — Network Discovery and Port Scanning
Nmap is the first tool every security practitioner reaches for. Pen-tester? You’re using nmap. Defender auditing your attack surface? Nmap. Discovered a new subnet you need to profile? Nmap. This module takes you from “I’ve typed nmap once” to “I can scan intelligently, interpret results, and avoid triggering every IDS in the building.” What nmap […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.